Date: Mon, 1 Jul 2002 15:01:38 -0700 (PDT)
From: twig les
Subject: Re: instant snort sigs for new vulnerabilities
To: Steve McGhee, snort-users@lists.sourceforge.net
Cc: freebsd-security@freebsd.org

That's a good idea for a quick script that I should have had done months ago. As soon as I put out the latest mystery fire I'll see if I can get a reasonable little Lynx-based cronjob.

--- Steve McGhee wrote:
> with all the fuss lately over the new apache worm, etc, i'd like to know
> if my machine is getting hit (it's patched, just being curious). i know
> about mod_blowchunks, but i'm looking for something more general..
>
> it seems to me that snort could see these attacks pretty easily.
>
> is there a tool/method out there that will retrieve the *latest* snort
> signatures automatically? for those of us not running snort via CVS, i'd
> like a way to do something like cvsup, but _only_ update my ruleset
> every night or whatever.
>
> i cc: the freebsd team as this might be a cool (simple) port.
> (something like /usr/ports/security/snort-signatures)
>
> this could be helpful to people who are just curious, or maybe could
> provide some good numbers to shock lazy sysadmins into actually patching
> their machines.
>
> ..of course, this is all assuming there's someone out there writing
> signatures ;)
>
> --
> -steve
>
> Steve McGhee
> Systems Administrator
> Linguistic Minority Research Institute
> UC Santa Barbara
> phone: (805)893-2683
> email: stevem@lmri.ucsb.edu

=====
Only fools have all the answers.